I offer a 14-day free trial of my app and sell/license it using a mixture of node-machine-id to register computers and JWT as the actual license signing. Users often register multiple email addresses to effectively get multiple 14-day free trials.

I don't currently enforce a number of times a computer can be "registered" in my system, and because of these lax rules I am seeing a lot of really interesting patterns. And by interesting I mean I suspect my competitors are somehow funding click fraud against my ads.

For example, I can see the same computer registered 27 times over the last year (every 14 days) to 27 different email addresses and widely differing IPs. However, when I run the IPs through online tools to analyze where they're coming from, it's almost always some kind of VPN via Amazon.

I fear that if I clamp down on how many times a user can register a computer for a free trial that the click fraud folks might know that I know... When I first saw these patterns I emailed about 30 of the addresses thinking that it could be a real user and offered them a free license - no reply.

Another thought I had was to build in a much more intrusive analytics feature that would only activate when the computer was registered >X times, offering me the ability to actually see if the software is being used. I even thought of adding something like Intercom so I could message these users real-time and offer them $X,000 USD for divulging who is paying them... something, anything.

I currently use ClickCease and the "detection rate" is about 10% of all ad clicks bounce or are VPN traffic, but it seems very concentrated on just two of my ad campaigns that are likely bid on by my competitors.

If anyone here specializes in this kind of work, I'd be happy to chat and compare notes, try out different services, etc.